317fb68c01b6dcf2877e3893e4dd976ef56d6d31e6ca38cc8adc5b1d100b1c1e

Sharing

Copy URL Twitter E-mail

General

Target

317fb68c01b6dcf2877e3893e4dd976ef56d6d31e6ca38cc8adc5b1d100b1c1e
Size

745KB
MD5

cb818b2dbb9f6dda00e6643f3875129c
SHA1

10a41128109bff7e37e958526e67652742cb5240
SHA256

317fb68c01b6dcf2877e3893e4dd976ef56d6d31e6ca38cc8adc5b1d100b1c1e
SHA512

b43482f75c758bbd8a973b1e0404359dcb91d838871adf4dfb31bf56e0c6ffcfd583875a0f5325987f9adcbd3d1d5cae7a583e2d47fa8eb6673e8985748514ad
SSDEEP

12288:OY4tXvE5FHX36eZ1tm+uTOW2wXDczJDjPS255DSeiUJ/uKUqe9aHmTdr262F+k3X:H4ts5FHX36eqOW2wXyJv/uKUqe9aHmTW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317fb68c01b6dcf2877e3893e4dd976ef56d6d31e6ca38cc8adc5b1d100b1c1e

Files

317fb68c01b6dcf2877e3893e4dd976ef56d6d31e6ca38cc8adc5b1d100b1c1e
.dll windows:5 windows x86 arch:x86

51bf11787a66b387a33f020ecdba3b6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

boundscheck

hw2_wcsncpy_s
hw2_strcat_s
hw2_strcpy_s
hw_snprintf_s
hw2_memmove_s
hw2_wcscpy_s
hw2_strncat_s
hw_strncpy_s
rx_memmove_x
rx_memset_x
rx_memcpy_x
hw_sscanf_s
hw_swprintf_s
hw_sprintf_s
hw2_memcpy_s
hw2_memset_s

rxruntim

RoCreateInstance

shlwapi

StrTrimW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
StrCmpNW
StrCmpW
PathIsFileSpecW

kernel32

CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RtlUnwind
HeapReAlloc
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LoadLibraryW
OutputDebugStringW
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetSystemDirectoryW
ExpandEnvironmentStringsW
SearchPathW
GetLongPathNameW
GetSystemDirectoryA
GetWindowsDirectoryA
HeapAlloc
GetLastError
HeapFree
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetACP
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RaiseException
SetLastError
IsValidCodePage
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStringTypeW
HeapSize
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW

user32

IsCharAlphaA

advapi32

RegEnumValueW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW

Exports

Exports

REGetClassObject

Sections

.text
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51bf11787a66b387a33f020ecdba3b6c

Headers

DLL Characteristics

File Characteristics

Imports

boundscheck

rxruntim

shlwapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 584KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 27KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 584KB - Virtual size: 584KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 27KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 35KB